Vulnerability Description
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Snapd | < 2.59.5 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523Third Party Advisory
- https://github.com/snapcore/snapd/pull/12849Issue TrackingPatch
- https://marc.info/?l=oss-security&m=167879021709955&w=2ExploitMailing List
- https://ubuntu.com/security/notices/USN-6125-1Third Party Advisory
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523Third Party Advisory
- https://github.com/snapcore/snapd/pull/12849Issue TrackingPatch
- https://marc.info/?l=oss-security&m=167879021709955&w=2ExploitMailing List
- https://ubuntu.com/security/notices/USN-6125-1Third Party Advisory
FAQ
What is CVE-2023-1523?
CVE-2023-1523 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap...
How severe is CVE-2023-1523?
CVE-2023-1523 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-1523?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Snapd, Canonical Ubuntu Linux.